KARACHI: K-Electric (KE), the biggest electricity provider in Pakistan’s southern metropolis Karachi, on Friday afternoon announced it had restored customer services, after a cyberattack demanding a $3.85 million ransom payment.
The Netwalker ransomware attack on Monday disrupted KE’s billing and online services. It was only on Wednesday that the utility company serving around 2.5 million customers admitted that its services had been hacked. Information security and technology news publication BleepingComputer.com reported that the ransomware operators demanded $3.85 million to be paid in bitcoins.
“All customer services, including bill payment solutions and 118 call center, are operational and fully functional, to ensure the integrity of our systems, as a precautionary measure, we have isolated few non-critical services,” KE said in a statement on its website on Friday.
According to BleepingComputer.com, a partner of the “No More Ransom” initiative by the National High-Tech Crime Unit of the Netherlands’ police, European Cybercrime Center, Kaspersky and McAfee, the attackers said the ransom amount would increase to $7.7 million if the $3.85 million was not paid by KE within seven days.
It is not clear whether the company paid the ransom. KE officials did not respond to Arab News despite repeated requests for comment. KE announced that its teams are in consultation with international information security experts and local authorities.
Following the attack, customers were unable to lodge complaints about power failures through the KE 118 helpline, 8119 SMS service and KE Live App, or obtain duplicate bills from its website.
Cybersecurity experts say such ransomware attacks are launched due to internal security lapses.
“These attacks are launched through a computer virus that encrypts computer data,” Qazi Mohammad Misbahuddin Ahmed, CEO of cybersecurity services provider Pakistan Computer Emergency Response Team (PakCERT) told Arab. “Attack is triggered with the use of infected USB or downloaded files.”
“Every day, ransomware operators get payments through attacks ranging from few hundred to millions of dollars from individuals and companies,” Ahmed said, “They have obviously demanded big amount from KE being a big company.”
If targeted companies have backup or security software, they can immediately restore their services. Otherwise, they are forced to pay the ransom.
“The encryption that ransomware operators use normally could not be broken, it’s almost impossible. Victims are left with two choices: either to rebuild entire data or pay the ransom. Usually big companies even pay the ransom as they can’t restore critical data,” Ahmed said.
KE is run by Abraaj Group and Aljomaih/NIG with 66.4 percent stakes. The Pakistani government’s shareholding stands at 24.4 percent.
